[Federation] Resolve response, federation historical keys response: Clarify the JWT must be typed

Issue #1815 resolved
Vladimir Dzhuvinov created an issue

Spec link: https://openid.net/specs/openid-connect-federation-1_0.html#name-resolve-response

A successful response MUST use the HTTP status code 200 and the content type set to application/resolve-response+jwt, containing resolved metadata and verified Trust Marks.

There is no explicit normative language that the JWT must be typed.

Comments (8)

  1. Giuseppe De Marco

    @Vlad do we have to say

    “A successful response MUST use the HTTP status code 200 and MUST set the content type to application/resolve-response+jwt”?

  2. Vladimir Dzhuvinov reporter

    Let’s reuse this:

    https://openid.net/specs/openid-connect-federation-1_0.html#section-5.3

    Trust Mark JWTs MUST be explicitly typed by setting the typ header parameter to trust-mark+jwt. This is done to prevent cross-JWT confusion (see [RFC8725], section 3.11).

    Resolve response JWTs MUST be explicitly typed by setting the typ header parameter to resolve-response+jwt. This is done to prevent cross-JWT confusion (see [RFC8725], section 3.11).

    I now discovered that for the historical endpoint JWT we’ll also need to say that it must be explicitly typed. This is obvious to us now, but readers won’t know it :-) https://openid.net/specs/openid-connect-federation-1_0.html#section-7.5.2
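The cross-JWT confusion that the proposed normative text guards against is a consumer-side check: a verifier for a given endpoint must require the `typ` header that the spec assigns to that endpoint, so that a validly signed JWT issued for another purpose (a Trust Mark, for instance) cannot be passed off as a resolve response. The following is an added example, not code from the issue or from the Federation spec. It mints constructed HS256 tokens with a shared demo secret purely to keep the snippet self-contained (a real Federation deployment signs with the entity's own asymmetric keys), and `verify_typed_jwt`, `EXPECTED_TYP` and the `https://op.example` issuer are assumed names, not spec-defined ones.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret; real deployments use the issuing entity's signing keys.
SECRET = b"constructed-demo-secret"

# typ values the spec text quoted in this issue assigns to each response type.
EXPECTED_TYP = {
    "resolve": "resolve-response+jwt",
    "trust_mark": "trust-mark+jwt",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_jwt(header: dict, claims: dict, key: bytes = SECRET) -> str:
    """Build a compact HS256 JWS (constructed helper for the demo only)."""
    signing_input = (
        _b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _normalize_typ(value: str) -> str:
    # RFC 7515 section 4.1.9: "application/" prefix is optional and the
    # comparison is case-insensitive.
    value = value.lower()
    if value.startswith("application/"):
        value = value[len("application/"):]
    return value


class JwtTypeError(ValueError):
    """Raised when the JWT's typ header does not match the endpoint's type."""


def verify_typed_jwt(token: str, endpoint: str, key: bytes = SECRET) -> dict:
    """Verify the signature, then require the typ header expected for `endpoint`.

    Returns the claims on success. A missing typ is treated as a mismatch:
    per RFC 8725 section 3.11 explicit typing only helps if it is enforced.
    """
    try:
        h, p, s = token.split(".")
    except ValueError:
        raise ValueError("not a compact JWS")
    expected_sig = hmac.new(key, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(s)):
        raise ValueError("bad signature")
    header = json.loads(_b64url_decode(h))
    actual = header.get("typ")
    expected = EXPECTED_TYP[endpoint]
    if actual is None or _normalize_typ(actual) != _normalize_typ(expected):
        raise JwtTypeError(f"typ {actual!r} does not match {expected!r}")
    return json.loads(_b64url_decode(p))


def classify(token: str, endpoint: str) -> str:
    """Summarise the verifier's decision for a token presented to an endpoint."""
    try:
        verify_typed_jwt(token, endpoint)
        return "accepted"
    except JwtTypeError:
        return "rejected: wrong typ"


if __name__ == "__main__":
    # Constructed sample tokens for a fictitious issuer.
    claims = {"iss": "https://op.example", "sub": "https://rp.example"}
    resolve = mint_jwt({"alg": "HS256", "typ": "resolve-response+jwt"}, claims)
    untyped = mint_jwt({"alg": "HS256"}, claims)
    trust_mark = mint_jwt({"alg": "HS256", "typ": "trust-mark+jwt"}, claims)
    print("resolve JWT at resolve endpoint:", classify(resolve, "resolve"))
    print("untyped JWT at resolve endpoint:", classify(untyped, "resolve"))
    print("trust mark JWT at resolve endpoint:", classify(trust_mark, "resolve"))
```

The untyped token illustrates why the issue matters: without normative language requiring `typ`, an implementer may reasonably omit it, and then a verifier has no header-level way to tell a resolve response from any other validly signed JWT from the same issuer. The same check applies unchanged to the historical keys response once that section states its own `typ` value.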
